Firewall as a Service in OpenStack requires several improvements for real-world deployment. In this talk we will share ideas that improve Performance of firewalls and enhance OpenStack FWaaS by supporting capabilities like Scheduling and Logging.
This session will include a Demo of the work in progress.
Blueprints
Logging : https://blueprints.launchpad.net/neutron/+spec/fwaas-logging
Scheduling : https://blueprints.launchpad.net/neutron/+spec/fwaas-policy-scheduler
Performance
The current version of FWaaS configures IPTable rules in a sub-optimal way. The proposed solution aims at segregating the rules dynamically and pushing only the relevant rules on to the IPTables.
Scheduling
One of the value added feature of firewalls, used by most network admins, is the ability to schedule policies with a specific periodicity and time interval. The proposed solution aims at enhacing the FWaaS Horizon UI and Neutron plugin to enable Tenants to schedule firewall policies.
Logging
The current proposal aims at enhancing the FWaaS and enable logging on the firewall policies. The logs generated can be redirected to a Syslog server and can be analyzed by tools like Splunk.